NSSCryptoModuleSpec/Section 1: Cryptographic Module Specification

From MozillaWiki
Jump to: navigation, search

This is a draft document

Document Description

DTR Section

Assessment

Status

Approved mode of operation

VE.01.03.01
VE.01.03.02

Security Policy Rule 15
Approved Mode of Operation

Draft
Processor interfaces VE.01.06.01
VE.01.06.02
(N/A) NSS is a software cryptographic module that runs on a general purpose computer. Draft
Modules Components VE.01.08.01
VE.01.08.02
Module Components Draft
Cryptographic Boundary

VE.01.08.03
VE.01.08.04
VE.01.08.05

Cryptographic Boundary Draft
Physical Description

VE.01.08.06
VE.01.08.07

(N/A) a general purpose computer Draft
Excluded Components

VE.01.09.01
VE.01.09.02

Module Components Draft
Algorithm Certificates

VE.01.12.01
VE.01.12.02

Approved Algorithms

Non-Approved algorithms may only be used in non-FIPS mode, unless an exception is noted:

  • MD2
  • MD5: may be used in the TLS pseudo-random function (PRF) in FIPS mode
  • DES: may be used for interoperation with legacy systems in FIPS mode
  • RC2
  • RC4
  • Camellia
  • SEED
  • JPAKE
  • HKDF
Draft
Hardware Diagrams

VE.01.13.01
VE.01.13.02
VE.01.13.03

Hardware Diagram Draft
Block Diagram

VE.01.13.04

The physical cryptographic boundary of the NSS module surrounds all the components of the general purpose computer. The logical cryptographic boundary is shown in Cryptographic Boundary Draft
Design Specification

VE.01.14.01

The design of the software contained in the NSS module is specified in Design Specification Draft
Security Policy

VE.01.15.01
VE.01.16.01

Security-Related Information
Security Policy
Draft

Return to: NSSCryptoModuleSpec